The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| email::address_module_project | email::address | 1.881 |
| email::address_module_project | email::address | 1.882 |
| email::address_module_project | email::address | 1.888 |
| email::address_module_project | email::address | 1.887 |
| email::address_module_project | email::address | 1.6 |
| email::address_module_project | email::address | 1.890 |
| email::address_module_project | email::address | 1.80 |
| fedoraproject | fedora | * |
| email::address_module_project | email::address | 1.85 |
| email::address_module_project | email::address | 1.883 |
| email::address_module_project | email::address | 1.1 |
| email::address_module_project | email::address | 1.885 |
| email::address_module_project | email::address | 1.894 |
| email::address_module_project | email::address | 1.891 |
| email::address_module_project | email::address | 1.870 |
| email::address_module_project | email::address | 1.893 |
| email::address_module_project | email::address | 1.3 |
| email::address_module_project | email::address | 1.895 |
| email::address_module_project | email::address | 1.880 |
| email::address_module_project | email::address | 1.886 |
| email::address_module_project | email::address | 1.898 |
| email::address_module_project | email::address | 1.896 |
| email::address_module_project | email::address | 1.892 |
| email::address_module_project | email::address | 1.901 |
| email::address_module_project | email::address | 1.2 |
| email::address_module_project | email::address | 1.5 |
| email::address_module_project | email::address | 1.884 |
| email::address_module_project | email::address | 1.900 |
| email::address_module_project | email::address | 1.902 |
| email::address_module_project | email::address | 1.903 |
| email::address_module_project | email::address | 1.897 |
| email::address_module_project | email::address | 1.871 |
| email::address_module_project | email::address | 1.899 |
| email::address_module_project | email::address | * |
| email::address_module_project | email::address | 1.7 |
| email::address_module_project | email::address | 1.86 |
| email::address_module_project | email::address | 1.889 |
Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| email::address_module_project | email::address | 1.881 |
| email::address_module_project | email::address | 1.882 |
| email::address_module_project | email::address | 1.888 |
| email::address_module_project | email::address | 1.887 |
| email::address_module_project | email::address | 1.6 |
| email::address_module_project | email::address | 1.890 |
| email::address_module_project | email::address | 1.80 |
| email::address_module_project | email::address | 1.85 |
| email::address_module_project | email::address | 1.883 |
| email::address_module_project | email::address | 1.1 |
| email::address_module_project | email::address | 1.885 |
| email::address_module_project | email::address | 1.894 |
| email::address_module_project | email::address | 1.891 |
| email::address_module_project | email::address | 1.870 |
| email::address_module_project | email::address | 1.893 |
| email::address_module_project | email::address | 1.3 |
| email::address_module_project | email::address | 1.895 |
| email::address_module_project | email::address | 1.880 |
| email::address_module_project | email::address | 1.886 |
| email::address_module_project | email::address | 1.898 |
| email::address_module_project | email::address | 1.896 |
| email::address_module_project | email::address | 1.892 |
| email::address_module_project | email::address | 1.901 |
| email::address_module_project | email::address | 1.2 |
| email::address_module_project | email::address | 1.5 |
| email::address_module_project | email::address | 1.884 |
| email::address_module_project | email::address | 1.900 |
| email::address_module_project | email::address | 1.902 |
| email::address_module_project | email::address | 1.897 |
| email::address_module_project | email::address | 1.871 |
| email::address_module_project | email::address | 1.899 |
| email::address_module_project | email::address | * |
| email::address_module_project | email::address | 1.7 |
| email::address_module_project | email::address | 1.86 |
| email::address_module_project | email::address | 1.889 |
The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f").
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-407,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| email::address_module_project | email::address | * |